The Future of Multi-factor authentication

Most organisations have moved to two factor authentication for their online banking transactions, but in recent events all the big banks were attacked despite this already being in place.

The question then becomes if two-factor authentication is not sufficient, we need to just move to a multi-factor approach. Let’s recall the definition:

  • Something you have – examples include: a physical card, a one-time–password token, or a smartphone, for example
  • Something you know – examples include: a PIN, a password, or the answer to a personal question
  • Something you are – examples include: a fingerprint, a retina scan, your voice

It would appear that having and knowing is not enough, then evaluating something you are what would be the appropriate biometric to utilise?

Biometrics – the Ears have it?

You can create an image of your ear over a number of cycles and these curves are translated into a series of numbers that can be used as an identification tool. Ears are not affected by facial expression or by differences in background scenery.

But people do wear jewelry and also hair \ glass frames may impede the image. Perhaps the ears are not the best option.

How about your Face?

Facial recognition is one of the most promising as we all carry a cell phone that is capable of being the input device. Most traditional face recognition systems measure the distance between the eyes, position of cheekbones, size of nose, jaw line, chin etc. The combined math of the measurement becomes a unique code.

The problem with traditional technology is that you have to stand still and be front on. However, 3D facial recognition sensors capture information about the shape of a face from all three angles and is less effected by lighting conditions.

Give me a Hand?

Most of us already use Fingerprints with our iPhone. Fingerprint identity technology compares the pattern of ridges and furrows on the fingertips.

But Fingerprint technology is not good for industrial applications, due to dirt and in these instances Hand geometry is more suitable. This approach measures the dimensions of a hand and compares those to a file copy.

Eye for Details?

There are technologies to scan the Iris or Retina. Retina scans have been adopted as military grade, there are downsides as requires you to sit still for about 15 seconds.

Please Talk to me?

Voice biometrics are however a good way to authenticate. When this is used with a random phrase, then the approach has strong security and therefore hard to break.

Intel and Microsoft to the rescue?

Hardened Multifactor Authentication is the answer so how do we all move forward? This has been a cost tradeoff that few wanted to tackle. But we now have Intel and Microsoft with new announcements that would move this cause.

Recently announced was Microsoft’s Active Authentication to allow enterprises to secure employee, partner, and customer access to cloud applications with multi-factor authentication. They have enabled multi-factor authentication support with Windows Azure Active Directory identities to help secure access to Office 365, Windows Azure and Dynamics CRM Online

The way this works is that after the normal entering of your username and password, the user is required to also authenticate with the Active Authentication app on their mobile device or via an automated phone call or text message.

Also recently Intel rolled out multifactor authentication (MFA) technology that will work in any new PC equipped with its 6th Generation Core processors. Named Intel Authenticate, this new technology represents a new powerful option.

Perhaps when can work out an approach that utilises Intel and Microsoft in tandem, perhaps we then will have a secure approach for all of us.

Participate in this short survey on IT security strategies across the Australian market and go in the draw to WIN a 360Fly camera vailued at $689.

Start survey NOW

Join the CSO newsletter!

Error: Please check your email address.

Tags technology trendssmartphonesfingerprintbiometricsiPhonefacial recognitionauthenticationretinavoice recognitionintelonline bankingMicrosoft

More about BiometricsIntelMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Gee

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts